
<!-- saved from url=(0053)https://172.16.165.10/template/show_vul_desc?id=71845 -->
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Main</title>

<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/pane.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/nsfocus_ui.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/js/jquery/easyui.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/table.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/template/stylesheet/nsfocus_2012/page.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="https://172.16.165.10/media/js/jquery/jquery-1.7.2.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/prototype.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/cavy.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/ui.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/jquery/jquery.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/page.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/common.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/datepicker/WdatePicker.js"></script><link href="https://172.16.165.10/media/js/datepicker/skin/WdatePicker.css" rel="stylesheet" type="text/css">

</head>
<body class="dialog">
	<div class="content">
		<div class="wrap">
			<div class="cont">
			<table class="cmn_table plumb" style="white-space: pre-wrap;"><tbody><tr class="odd">
					<th>漏洞名称</th>
					<td><img src="https://172.16.165.10/media/images/report/vuln_high.gif">AjaXplorer远程命令注入和本地文件泄露漏洞【原理扫描】
					</td>
				</tr>
				<tr class="even hover">
					<th>漏洞描述</th>
					<td>AjaXplorer可将任一Web服务器转换为文件管理系统，也是云存储提供者。

AjaXplorer 2.6之前版本存在远程命令执行和本地文件泄露漏洞，攻击者可利用此漏洞在受影响应用中执行任意命令，并获取敏感信息。

&lt;*来源：Julien Cayssol
  
  链接：http://www.metasploit.com/modules/exploit/multi/http/ajaxplorer_checkinstall_exec
*&gt;</td>
				</tr>
				<tr class="odd  ">
					<th>解决方法</th>
					<td>厂商补丁：

AjaXplorer
----------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://ajaxplorer.info/</td>
				</tr>
				<tr class="even">
					<th>危险分值</th>
					<td>8.0</td>
				</tr>
				<tr class="odd">
					<th>危险插件</th>
					<td>否</td>
				</tr>
				<tr class="even">
					<th>发现日期</th>
					<td>2012-10-30</td>
				</tr>
				
				
				
				
				<tr class="odd">
					<th>BUGTRAQ</th>
					<td>39334</td>
				</tr>
				
				
				<tr class="even">
					<th>NSFOCUS</th>
					<td>21312</td>
				</tr>
				
				
				
			</tbody></table>
			</div>
		</div>
	</div>
	<div class="button">
		
			<input type="button" class="cmn_btn" value="关闭" onclick="top.dialog2.hide();">
		
		
	</div>


<script type="text/javascript">

</script>
</body></html>